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REMARKS 



Applicants hereby request a Pre- Appeal Brief Review (hereinafter "Request") of 
the claims finally rejected in the Final Office Action mailed October 20, 2006, as the 
rejections are clearly in error. The Request is provided herewith in accordance with the 
rules set out in the OG dated July 12, 2005. 



I. Response to Rejection 

Applicants address the rejection of claim 1. The Examiner rejects claim 1 as 

anticipated by Schuba et al., Network Protection for Denial of Service Attacks , U.S. 

Patent 6,725,378 (April 20, 2004) (hereinafter "Schuba"). This rejection is clearly in 

error. Regarding this rejection the examiner states, in part, that: 

"if the number of connectionless; datagrams already queued to 
the port from the host exceeds a prescribed threshold 
discarding the datagram, if the number of connectionless 
datagrams already queued to the port from the host exceeds 
the prescribed threshold" is taught in '378 col. 4, lines 54-58 
"There is a limit on the number of concurrent TCP connections that 
can be in a half-open connection state, called the SYN-RECVD 
state (i.e., SYN received). When the maximum number of half- 
open connections per port is reached, TCP discards all new 
incoming connections requests"; 

Final office action of October 20, 2006, p. 5. 

Claim 1 is as follows: 

1 . A method of preventing a flooding attack on a network 
server in which a large number of connectionless datagrams are 
received for queuing to a port on the network server, comprising: 

determining, in response to the arrival of a connectionless 
datagram from a host for a port on the network server, if the 
number of connectionless datagrams already queued to the port 
from the host exceeds a prescribed threshold; 

discarding the datagram, if the number of connectionless 
datagram already queued to the port from the host exceeds the 
prescribed threshold; and 

queuing the connectionless datagram to a queue slot of the 
port, if the number of connectionless datagram already queued to 
the port from the host does not exceed the prescribed threshold. 
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Schuba does not anticipate claim 1 because Schuba does not teach the claimed 
steps of determining, discarding, and queuing, as claimed. Schuba does not teach these 
claimed steps because a half-open connection, as in Schuba, is not the same as a queue of 
datagrams, as in claim 1 . As acknowledged by the examiner (see above quote), Schuba 
teaches discarding half open connections until the maximum number of half-open 
connections is reduced. Nevertheless, the examiner asserts that discarding datagrams 
queued at a port, as claimed, has the same meaning as discarding too many half-open 
connections, as in Schuba. See the Final office action of October 20, 2006, pp. 3-4. 

However, several important differences exist between discarding additional 
connection requests, as in Schuba, and discarding the datagram, if the number of 
connectionless datagrams already queued to the port from the host exceeds the prescribed 
threshold, as recited in claim 1 . For example, in Schuba, no queue for the datagrams 
themselves has been described. Instead, Schuba refers to a half-open backlog queue. See 
Schuba, col. 11,11. 16-26. 

In contrast, claim 1 requires "discarding the datagram, if the number of 
connectionless datagrams already queued to the port from the host exceeds the prescribed 
threshold" (emphasis supplied). One of ordinary skill would instantly recognize the 
difference between discarding a datagram queued at a port and removing connections 
from a half-open backlog queue. A half-open connection is not a datagram, even if a 
half-open connection is created using datagrams. Schuba only teaches methods for 
dealing with too many half-open connections, which is entirely distinct from discarding 
datagrams queued at a port. The fact that half-open connections are created with 
connectionless datagrams is wholly irrelevant to this distinction. Therefore, Schuba does 
not anticipate claim 1 . 

II. Refutation of Examiner's Response 

In response to the above facts, the examiner states, in part, that: 

In response to applicant's argument on page 8, "Schuba only 
teaches methods for dealing with too many half-open connection, 
which entirely distinct from discarding datagrams queued at a port 
. . . The thrust of Applicants argument is not directed towards 
splitting fine hairs over the meaning of the term "connectionless" 
or the meaning of the term "queuing the connectionless datagram. 
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The thrust of Applicants' arguments is that a fundamental and 
marked difference exist between a queue of connectionless 
datagrams at a port, as claimed, and a queue of half-open 
connections, as described in Schuba. The Office disagrees with 
argument to establish a connection the standard TCP/IP three-way 
handshake must occur, that is how a connection is established. 
TCP/IP transfers connectionless datagrams. Discarding datagrams 
queued at a port, when there are too many half open-connections is 
the same meaning. Note to queue a port is to start communication, 
which can be termed a half open-connection. 

Final office action of October 20, 2006, pp. 3-4. 

The examiner asserts that discarding datagrams queued at a port is the same as 
discarding too many half open connections because a TCP/IP connection requires a three- 
way handshake and in TCP/IP transfer of connectionless datagrams occur. However, the 
examiner's response ignores the fact that a queue of half-open connections, as in Schuba, 
is still fundamentally different than a queue of connectionless datagrams, as in claim 1 . 
The examiner's assertion to the contrary is plainly wrong. For example, one of ordinary 
skill knows that: 

A half-open connection refers to a TCP connection that is 
partially open. 

The TCP protocol has a three state system for opening a 
connection. First, the originating site (A) sends a SYN packet to 
the destination (B). A is now half-open, and awaiting a response. B 
now updates its kernel information to indicate the incoming 
connection from A, and sends out a request to open a channel back 
(the SYN/ACK packet). 

At this point, B is now "half-open" (it has sufficient information to 
receive packets, but not enough to send packets back). Note that B 
was put into this state by another machine, outside of B's control. 

en . wikipedia. org/wiki/Half-open_connection 

Thus, once a computer receives a SYN packet, the computer is in a half-open 
state. In a half open state the computer updates its kernel information to indicate the 
incoming connection from a remote computer. The computer has sufficient information 
to receive, but not send packets. However, the computer is not accumulating a queue of 
datagrams . Instead, the computer can, via the kernel, accumulate a number of these half- 
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open states in which the computer is anticipating /w/wre datagrams. Schuba discusses 
discarding queues of these half-open connections. Thus, Schuba inherently teaches 
issuing a command to a kernel to discard half open connections. Claim 1 requires 
discarding connectionless datagrams, themselves, which is an entirely different thing. 
These two techniques are manifestly different from each other. 

To further illustrate the distinction, Schuba can receive ten SYN datagrams and, 
as a result, establish ten half-open connections. Schuba then decides that ten half-open 
connections is too many, so Schuba teaches discarding some of those ten half-open 
connections. The datagrams used to open the half-open connections are not discarded. 
In stark contrast, claim 1 requires discarding connectionless datagrams themselves. Thus, 
if a computer is receiving too many datagrams, then the datagrams are discarded, not the 
half-opened connections, as in Schuba. 

Therefore, the examiner's assertions that Schuba teaches features equivalent to 
those in claim 1 is manifestly incorrect. Accordingly, Shuba does not teach the features 
of claim 1. Therefore Schuba does not anticipate claim 1. For this reason, the rejections 
should be withdrawn. Applicants further request that the claims be allowed. 

The Pre-Appeal Brief Conference Panel is invited to call the undersigned at the 
below-listed telephone number if in the opinion of the Panel such a telephone conference 
would expedite or aid the prosecution and examination of this application. 

DATE: January 25, 2007 Respectfully submitted, 

/Theodore D. Fay III/ 

Theodore D. Fay III 
Reg. No. 48,504 
Yee & Associates, P.C. 
P.O. Box 802333 
Dallas, TX 75380 
(972)385-8777 
Attorney for Applicants 
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